January 27th, 2005, 07:16 PM
#2
I don't know if I'd consider that a phish as much as a Nigerian/419 scam. And there are marked differences between the two.
Scams (variations of 419/Nigerian type)
- usually involves the claim that the recipient will receive a large sum of money for a small investment
- scams usually involve sending money to someone for a perceived service OR receiving money for an auction
- scams may also (as I noticed in a recent one) involve the transmission of goods and payments bouncing (fake money orders, cashier's cheques, etc.)
- scams rarely involve credit cards, pin numbers and the like
- scams are often done via email
- some scams play on people's emotions (recently saw one that pleaded for help after family lost and they couldn't access their parents' "millions")
- top source: Nigeria
Phishing (Art of Gathering Information/Online Social Engineering)
- the activity is a relatively old practice but with newer twists. Historically done as an email attempt to get a user to send the attacker what their user name and password is to the server they access (think early internet and logging on to a single terminal -- pre-browser days; and yes, I remember these days)
- today, it starts with email and often leads to a website
- the email, representing a "credible" firm, informs the user of the need for more information from them. Usually it centers around one of the following:
  - violation in the account
  - violation to the account
  - potential malicious activity by the user (best two I've seen in this regard: child porn and terrorist links)
  - potential investigation of user
  - verification of user/account info
  - upgrading of security features
- the email provides, for ease of use to the user, a link that has a spoofed URL. Main browser that has been targeted for this: Internet Explorer
- generally the website asks for things like username, password, credit card number, bank card number, security code on card(s), DOB, driver's license, SIN #, Mother's Maiden name, etc.
- many of these sites have links and graphics from the original source site
- main sites of target: eBay and Paypal are the two largest. Others: Visa, CitiBank, SunTrust, FDIC, etc.
- the url sometimes can be just enough to fool e.g., www.citibank-financial.com. Citibank is www.citibank.com but some may not realize that.
- top source for these: USA
My contention is that email SHOULD NOT have HTML capabilities and the person that thought this was a good idea be shot. Worst. Idea. Ever.
That all said, I do think it's worthwhile to have a list of phishing. While Antiphishing does a good job of keeping an archive, it seems rather selective. I've included a sample of a recent phish.
Oh.. and if you get a phish, notify the company that it affects (e.g., Paypal if it's a Paypal phish). They often can get the site dealt with quickly before anyone gets hugely hurt.
Dear PayPal Member,
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your PayPal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your Information at this time, please visit our secure server webform by clicking the hyperlink below
Click here to verify your Information
Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.
To receive email notifications in plain text instead of HTML, update your preferences here.
Protect Your Account Info
Make sure you never provide your password to fraudulent websites.
To safely and securely access the PayPal website or your account, open up a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL ( http://www.paypal.com/).
PayPal will never ask you to enter your password in an email.
For more information on protecting yourself from fraud, please review our Security Tips at http://www.paypal.com/securitytips
PayPal Email ID PP478
See attachment for HTML version. The code below is the "phish" location.
PHP Code:
<td class=3D"pp_sansserif" align=3D"center"><a href=3D"http://66.219.105.161/webscr/" onMouseOver=3D"window.status=3D'https://www.paypal.com';return true;" onMouseOut=3D"window.status=3D' '; return true;">Click here to verify your Information</a>
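An added example, not part of the original post: a Python check that decodes a quoted-printable HTML mail body and flags the link tells the post describes (an href pointing at a raw IP, a status-bar script showing a different host, and a lookalike domain). The `BRANDS` allow-list, the function names and the shortened sample anchor are assumptions made for illustration.

```python
import ipaddress, quopri, re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brand -> real domain, taken from the post's examples (assumed allow-list).
BRANDS = {"paypal": "paypal.com", "citibank": "citibank.com"}
URL_RE = re.compile(r"https?://[^\s'\"<>;]+", re.I)
# Constructed sample: the anchor quoted in the post, still quoted-printable encoded.
SAMPLE = (b'<a href=3D"http://66.219.105.161/webscr/" onMouseOver=3D"window.status'
          b'=3D\'https://www.paypal.com\';return true;">Click here to verify</a>')

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def host_flags(host):
    # Reasons a link target is suspicious however it is displayed.
    flags = []
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address")
    except ValueError:
        pass
    for brand, real in BRANDS.items():
        if brand in host and host != real and not host.endswith("." + real):
            flags.append(f"lookalike of {real}")
    return flags

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []           # (href, reason) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = dict(attrs)          # HTMLParser lowercases attribute names
        href = attrs.get("href") or ""
        self.findings += [(href, flag) for flag in host_flags(host_of(href))]
        for name, value in attrs.items():   # onmouseover/onmouseout handlers
            if name.startswith("on") and "window.status" in (value or ""):
                for shown in map(host_of, URL_RE.findall(value)):
                    if shown != host_of(href):
                        self.findings.append((href, f"status bar shows {shown}"))

def audit(raw: bytes):
    parser = LinkAudit()
    parser.feed(quopri.decodestring(raw).decode("utf-8", "replace"))
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE)` returns one finding for the raw-IP target and one for the status bar claiming www.paypal.com; `host_flags("www.citibank-financial.com")` reports the lookalike case from the post.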